
Sunday, July 24, 2016

CAS Client Integration



 Filters used in CAS Client configuration  


   The following lists the filters used in the CAS client integration and the purpose of each filter.


The CasAuthenticationEntryPoint will redirect the user's browser to the CAS server.

After the user's browser redirects to CAS, they will be prompted for their username and password.

 (or AuthenticationHandler if using CAS 3.0) discussed above to decide whether the username and password is valid.

Upon successful login, CAS will redirect the user's browser back to the original service.  It will also include a ticket parameter,

Back in the service web application, the CasAuthenticationFilter is always listening for requests. The processing filter will construct a UsernamePasswordAuthenticationToken representing the service ticket.

This authentication request will then be handed to the configured AuthenticationManager. The AuthenticationManager implementation will be the ProviderManager, which is in turn configured with the CasAuthenticationProvider.

The CasAuthenticationProvider only responds to UsernamePasswordAuthenticationTokens containing the CAS-specific principal (such as CasAuthenticationFilter.CAS_STATEFUL_IDENTIFIER) and CasAuthenticationToken

CasAuthenticationProvider will validate the service ticket using a TicketValidator implementation

Back on the CAS server, the validation request will be received. If the presented service ticket matches the service URL the ticket was issued to, CAS will provide an affirmative response in XML indicating the username.

The Cas20TicketValidator will parse the XML received from the CAS server. It will return to the CasAuthenticationProvider a TicketResponse, which includes the username (mandatory

CasAuthenticationProvider will next request an AuthenticationUserDetailsService to load the GrantedAuthority objects.

Control then returns to CasAuthenticationFilter, which places the created CasAuthenticationToken in the security context.
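
The validation step in the flow above, sketched in Python as an added example (not Spring Security's or the CAS client's own code): it builds the back-channel validation request and parses the CAS 2.0 XML reply, failing closed on anything that is not a clean success. The ticket value and the two sample responses are constructed; the URLs are the ones used in this page's configuration.

```python
"""Added example: validating a CAS 2.0 service ticket response (constructed samples)."""
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

CAS_URI = "http://www.yale.edu/tp/cas"   # namespace of CAS 2.0 responses
CAS_NS = {"cas": CAS_URI}
SERVICE = "https://localhost:8443/cas-sample/j_spring_cas_security_check"

# Constructed sample replies from the CAS server.
SUCCESS_XML = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    "<cas:authenticationSuccess><cas:user>joe</cas:user>"
    "</cas:authenticationSuccess></cas:serviceResponse>"
)
FAILURE_XML = (
    '<cas:serviceResponse xmlns:cas="http://www.yale.edu/tp/cas">'
    '<cas:authenticationFailure code="INVALID_TICKET">\n'
    "    Ticket ST-1-constructed not recognized\n"
    "</cas:authenticationFailure></cas:serviceResponse>"
)


class TicketValidationError(Exception):
    """Raised whenever the CAS server does not confirm the ticket."""


def build_validation_url(cas_prefix: str, service: str, ticket: str) -> str:
    """URL the service calls to validate a ticket. The service value must be
    the same URL the ticket was issued for, or CAS rejects the ticket."""
    query = urlencode({"service": service, "ticket": ticket})
    return f"{cas_prefix.rstrip('/')}/serviceValidate?{query}"


def parse_validation_response(xml_text: str) -> str:
    """Return the username from a success reply; raise on everything else."""
    # A CAS reply never needs a DTD, so refuse one instead of expanding entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise TicketValidationError("response contains a DTD")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise TicketValidationError(f"malformed response: {exc}") from exc
    if root.tag != f"{{{CAS_URI}}}serviceResponse":
        raise TicketValidationError("not a CAS serviceResponse")
    failure = root.find("cas:authenticationFailure", CAS_NS)
    if failure is not None:
        code = failure.get("code", "UNKNOWN")
        raise TicketValidationError(f"{code}: {(failure.text or '').strip()}")
    user = root.find("cas:authenticationSuccess/cas:user", CAS_NS)
    if user is None or not (user.text or "").strip():
        raise TicketValidationError("success response without a username")
    return user.text.strip()


if __name__ == "__main__":
    print(build_validation_url("https://localhost:9443/cas", SERVICE, "ST-1-constructed"))
    print(parse_validation_response(SUCCESS_XML))
```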


 Configuration of CAS Client


This section describes how to set up Spring Security to authenticate Service Tickets.
The service must equal a URL that will be monitored by the CasAuthenticationFilter.

  <bean id="serviceProperties"
        class="org.springframework.security.cas.ServiceProperties">
    <property name="service"
        value="https://localhost:8443/cas-sample/j_spring_cas_security_check"/>
    <property name="sendRenew" value="false"/>
  </bean>


The following beans should be configured to commence the CAS authentication process:

  <security:http entry-point-ref="casEntryPoint">
   ...
     <security:custom-filter position="CAS_FILTER" ref="casFilter" />
  </security:http>

  <bean id="casFilter"
        class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
  </bean>

  <bean id="casEntryPoint"
      class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://localhost:9443/cas/login"/>
    <property name="serviceProperties" ref="serviceProperties"/>
  </bean>

    


Next you need to add a CasAuthenticationProvider and its collaborators:


  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="casAuthenticationProvider" />
  </security:authentication-manager>

  <bean id="casAuthenticationProvider"
        class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="authenticationUserDetailsService">
      <bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
        <constructor-arg ref="userService" />
      </bean>
    </property>
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
      <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
        <constructor-arg index="0" value="https://localhost:9443/cas" />
      </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only"/>
  </bean>

  <security:user-service id="userService">
    <security:user name="joe" password="joe" authorities="ROLE_USER" />
    ...
  </security:user-service>





























Spring Framework



Spring is the most popular application development framework for enterprise Java.

It aims for high-performing, easily testable, and reusable code.




  • First version written by Rod Johnson
  • Was released under Apache 2.0 license
  • Open Source and Cross Platform Framework
  • Version 4.3 was released on 10th June 2016.

Dependency Injection & Inversion of Control

Java components or classes should be as independent as possible from other Java classes. The advantage of that is the reusability of the classes and the possibility of unit testing (testing classes independently). To decouple Java components from other components, the dependencies of a certain class should be injected into it rather than that class creating or finding the object.

Consider the following instance......

Two classes are available, Class A and Class B.
Class A uses Class B as a variable, which means Class A has a dependency on Class B.

If Dependency Injection (DI) is used, then Class B is given via the
  - constructor of Class B => constructor injection
  - setter => setter injection


The general concept behind Dependency Injection (DI) is Inversion of Control (IoC). It is a process in which dependencies are declared to a container, and the container then injects those dependencies when it creates the bean. This process is fundamentally the inverse, hence the name Inversion of Control (IoC),



Modules 

Spring is a one-stop shop for enterprise applications. It covers various kinds of software requirements such as database access, web-related functionality, software testing functionality etc. The Spring framework supplies these in units called modules.

The Spring Framework provides about 20 modules. The following shows those modules.


As seen in the above figure, modules are present in several layers/containers. The main one among these is the Core Layer, which contains the modules providing the core functionality of the Spring Framework. In addition to that, a Data Access/Integration Layer, a Web Layer and a Miscellaneous Layer are present. The Testing module is included under the Miscellaneous Layer.

Now let's look at simple examples of the usage of the above mentioned modules. Web MVC is discussed in a separate blog post.








Sunday, July 10, 2016

Installing Software

MYSQL (Using apt-get)

$ sudo apt-get install software-properties-common
$ sudo add-apt-repository -y ppa:ondrej/mysql-5.7
$ sudo apt-get update
$ sudo apt-get install mysql-server
 
 
check.....

rahul@tecadmin:~$ mysql --version
mysql  Ver 14.14 Distrib 5.6.19, for debian-linux-gnu (x86_64) using  EditLine wrapper


start.....

mysql -u root -p
 
check status......
 
sudo /etc/init.d/mysql status 

sudo /etc/init.d/mysql stop
 
sudo /etc/init.d/mysql start 


APACHE (Using apt-get)

sudo apt-get update
sudo apt-get install apache2
check with localhost


PHP(Using apt-get)

  • To install PHP,
sudo apt-get install php5 libapache2-mod-php5 php5-mcrypt
  • It may also be useful to move index.php to the front of the directory index, so that Apache looks for .php index files first
sudo nano /etc/apache2/mods-enabled/dir.conf
  • Add index.php to the beginning of index files.
<IfModule mod_dir.c>

          DirectoryIndex index.php index.html index.cgi index.pl index.xhtml index.htm

</IfModule>

PHP Modules

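  • to see the libraries available

apt-cache search php5-
sudo apt-get install <name of the module>
  • to see the PHP configuration on the server, create a test page
sudo nano /var/www/html/info.php
  • Add the following line
<?php phpinfo(); ?>
  • Delete info.php once you have checked the output, since it shows the server's configuration details to anyone who requests it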



PhpMyAdmin (Using apt-get)

  • to install
sudo apt-get install phpmyadmin apache2-utils
  • add phpmyadmin to the apache configuration
sudo nano /etc/apache2/apache2.conf
Include /etc/phpmyadmin/apache.conf
  • restart the server
sudo service apache2 restart

JAVA


verify java is present.....

java -version


if installed

java version "1.7.0_25"
Java(TM) SE Runtime Environment (build 1.7.0_25-b15)
Java HotSpot(TM) Client VM (build 23.25-b01, mixed mode, sharing)



first completely remove any java.....

http://askubuntu.com/questions/84483/how-to-completely-uninstall-java

then install manually (the guide below works perfectly :) )
 
https://www.digitalocean.com/community/tutorials/how-to-manually-install-oracle-java-on-a-debian-or-ubuntu-vps 
 
 

 

TOMCAT

 
https://www.digitalocean.com/community/tutorials/how-to-install-apache-tomcat-8-on-ubuntu-14-04 

do not give any folder ownership
set catalina path in bashrc


configuring tomcat

https://examples.javacodegeeks.com/enterprise-java/tomcat/tomcat-users-xml-configuration-example/

http://blog.techstacks.com/2009/05/tomcat-management-setting-up-tomcat.html



MAVEN


http://basicgroundwork.blogspot.com/2014/07/installing-maven-322-on-ubuntu-1404.html



ON WINDOWS


1) Java

https://www3.ntu.edu.sg/home/ehchua/programming/howto/JDK_Howto.html

setting up java Environment variables

https://www3.ntu.edu.sg/home/ehchua/programming/howto/JDK_HowTo.html#jdk-install-step3

2) Xampp

http://www.wikihow.com/Install-XAMPP-for-Windows

3) Maven


http://www.mkyong.com/maven/how-to-install-maven-in-windows/


Tuesday, July 5, 2016

HTTPS/SSL




In the previous post I talked about HTTP, the protocol over which data is sent between your browser and the website you are connected to. We saw that HTTP provides no protection for the data it carries. An eavesdropper can steal the information in the middle of the communication channel.

The story of HTTP and HTTPS goes as below.......  :)

In the beginning, network administrators had to figure out how to share the information they put out on the Internet.
They agreed on a procedure for exchanging information and called it HyperText Transfer Protocol (HTTP).
Once everyone knew how to exchange information, intercepting it on the Internet was not difficult. So knowledgeable administrators agreed upon a procedure to protect the information they exchanged.

As a result HTTPS, which simply means Secure HTTP, emerged. Afterwards it spread at a very high rate among website owners. The following statistics show how its usage has spread.



  • As of June 1, 2016, 43.1% of the Internet’s 141,387 most popular websites have a secure implementation of HTTPS


  • As of June 28, 2016, 10.2% of the Alexa top 1,000,000 websites use HTTPS as default



The protection relies on an SSL certificate to encrypt the online data.





The above figure clearly depicts that HTTPS is a secure form of HTTP. Let's dig deeper into


What is HTTPS....?





As shown in the diagram above, the HTTP protocol is integrated with the SSL (Secure Sockets Layer) protocol. Sometimes it can also be TLS (Transport Layer Security).

Looking at the figure below, HTTP communicates directly with TCP in the Transport Layer. But in HTTPS, an SSL Record Layer Protocol acts as an intermediary between the application and the Transport Layer protocol. It supports the use of a digital certificate from the server. This enables the user to authenticate the server, preventing man-in-the-middle attacks.



Now let us see what an SSL certificate in HTTPS is.......


It is just like the passport or the ID of the server, issued by an official, trusted third-party agency called a CA (Certificate Authority).
It provides identifying information like
  - name of the certificate holder
  - serial number
  - expiration dates
  - copy of the certificate holder's public key.

A website needs an SSL certificate to establish a secure connection.

Since the browser trusts the CA, the browser trusts the organisation's identity (the website's identity) after examining the SSL certificate. Now let's see how HTTPS works using this SSL connection. The figure below gives a friendly view of how HTTPS works with the SSL connection. SSL or TLS always uses an 'asymmetric' public key infrastructure (PKI) system, which uses two keys, a 'public key' and a 'private key', for the encrypted communication. Here the client is always the browser, whereas the server is the organisation's website.



If the process is explained in brief.........

  1. First the browser sends the request for an HTTPS connection to the webpage.
  2. The corresponding website initially sends the SSL certificate it has purchased from the Certificate Authority (CA). This certificate contains the public key used in the communication.
  3. Then the browser validates the certificate by examining its expiry date and other parameters, and by comparing it with the list of trusted CA root certificates that the browser maintains.
  4. Once the certificate is validated, the browser encrypts the secret session key with the public key found in the certificate and sends it to the website server.
  5. The server decrypts the received session key using its private key. Finally it sends an acknowledgement encrypted with the session key, saying it is ready for the communication.
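
A toy model of the five steps above, added here as an illustration and not code from any browser or server: textbook RSA with small fixed primes stands in for real certificates and key exchange, and an HMAC stands in for the encrypted acknowledgement. The CA name, host name, serial number and dates are constructed.

```python
"""Added example: certificate check and session-key exchange, toy RSA only."""
import hashlib
import hmac
import secrets
from datetime import date

E = 65537  # public exponent


def make_keypair(p, q):
    """Textbook RSA key pair from two primes: ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest(cert, n):
    """Hash of the identifying fields, reduced so the toy key can sign it."""
    fields = "|".join(str(cert[k]) for k in
                      ("subject", "serial", "not_after", "public_key", "issuer"))
    return int.from_bytes(hashlib.sha256(fields.encode()).digest(), "big") % n


def issue_certificate(ca_name, ca_private, subject, serial, not_after, public_key):
    """The CA signs the holder name, serial, expiry date and public key."""
    cert = {"subject": subject, "serial": serial, "not_after": not_after,
            "public_key": public_key, "issuer": ca_name}
    n, d = ca_private
    cert["signature"] = pow(digest(cert, n), d, n)
    return cert


def browser_validate(cert, hostname, trust_store, today):
    """Step 3: trusted issuer, intact signature, not expired, name matches."""
    ca_public = trust_store.get(cert["issuer"])
    if ca_public is None:
        return "untrusted issuer"
    n, e = ca_public
    if pow(cert["signature"], e, n) != digest(cert, n):
        return "bad signature"
    if today > cert["not_after"]:
        return "expired"
    if cert["subject"] != hostname:
        return "name mismatch"
    return "ok"


def handshake(cert, server_private, hostname, trust_store, today):
    """Steps 1-5. Returns (validation status, whether both sides share the key)."""
    status = browser_validate(cert, hostname, trust_store, today)
    if status != "ok":
        return status, False                       # browser aborts the connection
    session_key = secrets.token_bytes(16)          # step 4: browser picks the key
    n, e = cert["public_key"]
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    n, d = server_private                          # step 5: server unwraps it
    server_key = pow(wrapped, d, n).to_bytes(16, "big")
    ack = hmac.new(server_key, b"ready", hashlib.sha256).digest()
    expected = hmac.new(session_key, b"ready", hashlib.sha256).digest()
    return "ok", hmac.compare_digest(ack, expected)


# Constructed keys and certificate (Mersenne primes, far too small for real use).
CA_PUBLIC, CA_PRIVATE = make_keypair(2**89 - 1, 2**107 - 1)
SERVER_PUBLIC, SERVER_PRIVATE = make_keypair(2**61 - 1, 2**127 - 1)
TRUST_STORE = {"Example Root CA": CA_PUBLIC}
CERT = issue_certificate("Example Root CA", CA_PRIVATE, "www.example.test",
                         1001, date(2017, 7, 5), SERVER_PUBLIC)

if __name__ == "__main__":
    print(handshake(CERT, SERVER_PRIVATE, "www.example.test", TRUST_STORE, date(2016, 7, 5)))
```

A certificate whose public key has been replaced after signing no longer matches the CA's signature, so `browser_validate` rejects it before any session key is sent.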


Obtaining a SSL Connection to Your Website......


Each website sits on a computer called a web server. Each web server is always connected to the internet and is given a unique address made up of a series of 4 numbers, for example 68.178.157.132 or 68.122.35.127. Naming 4 leading web servers










Among them, the Apache HTTP web server is the most popular, since it is open source and supports several operating systems. It is well known in Linux distributions. So in this blog I'm gonna describe the SSL integration in the Apache web server, and later on Tomcat integrated on top of Apache.

There are two ways of obtaining an SSL certificate for the website:
  01) Purchase from a Certificate Authority like DigiCert, Comodo etc.
  02) Create a self signed certificate


 Purchase from a certificate Authority

In this process you have to decide which type of certificate to obtain, such as an EV SSL certificate, a wildcard certificate etc., at different price levels. But the basic outline of the procedure is nearly the same. The procedure is clearly explained on the CA's site for the corresponding certificate type. Roughly it is like
  1. Generate two files: a private key file (for the decryption of the SSL certificate) and a CSR (Certificate Signing Request) file (it is used to create the SSL certificate). You have to provide some informational data, and take care when providing the common name (domain name).
  2. Open the CSR file and copy and paste it into the certificate order form.
  3. After receiving the SSL certificate from the CA, install it. Follow the instructions provided on the CA site. In the installation process it is important to save a backup of the private key file, since it is required in the certificate installation.
       1) Download and copy the certificate with the private key to the server directory.
       2) Find the Apache configuration file and edit the <VirtualHost> block for the SSL enabled site. Below shows a simple SSL configuration of a virtual host.

  4. Test your Apache config before restarting, using the command
    apachectl configtest
  5. Restart Apache

    apachectl stop
    apachectl start


                      

Create a self signed certificate

Step 1
      First enable the SSL module on your system by typing

            sudo a2enmod ssl

      For the change to be applied, restart the server

            sudo service apache2 restart

Step 2

      Create a self signed certificate and the key by issuing the following command. Here an ssl sub-directory, created in the /etc/apache2 directory, stores all the keys and self signed certificates.

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/apache2/ssl/apache.key -out /etc/apache2/ssl/apache.crt
    In the above, openssl is the basic command line tool for creating keys, certificates and CSRs
    -x509: indicates we want a self signed certificate instead of a certificate request
    -out: specifies where the certificate is written

   In this step you'll be asked several questions. The common name is the domain name you would like to associate the certificate with; access the site with this name afterwards.

Step 3

      Configure apache to use SSL. Below shows the SSL module structure.




Step 4


      Activate the SSL virtual host by typing the below command


             sudo a2ensite default-ssl.conf

A symlink is then made in the sites-enabled directory. To apply the changes, restart the server.

Step 5

   Test the Set up



https://server_domain_name_or_IP

https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

Monday, June 20, 2016

HTTP





Before rushing to what HTTP is and what HTTPS is, let's proceed with the basic details and the derivation of HTTPS in the field of data communication in Information Technology.

Communication is an essential factor for human existence. Since the past, different types of communication among humans have brought them as far as the present. The figure below shows different kinds of communication among humans.
In human communication, people convey their ideas to each other. And with the ideas taken from others, humans process them inside their heads in order to reach a final decision.

Heads in humans are equivalent to computers in Information Technology. Furthermore, computers can be seen as the foundation element in IT. Thus....

Have you ever thought of communication in IT ...?


So communication in IT takes place through the main unit, the computer. Receiving messages, processing messages and delivering message output are all done by computers. Here the word 'message' refers to a collection of data. Below figure shows the five main components involved in the communication process in

  • Message is a collection of data in a chosen format
  • Sender and Receiver are the two computers communicating
  • Medium can be a cable medium or a wireless medium
  • Protocol is a set of rules and instructions to be used in the communication procedure by its endpoints
HTTP is one such protocol

What exactly is HTTP?

As mentioned earlier, HTTP, the abbreviation for Hyper Text Transfer Protocol, is a protocol, that is, a set of instructions describing a data communication procedure. It allows various data formats to be transferred between the sender and receiver, such as
- Plaintext
- Hypertext
- Images
- Video
- Sound


In brief it is the foundation of data communication in the World Wide Web.


The environment in which this data communication occurs, and in which all the data communication components (sender, receiver, message document) reside, is known as the World Wide Web (Web). In the Web, documents and resources like computers are identified by URLs (something like an address given to each item in the Web).


Features of HTTP...

1)  It is a request-response protocol in the client-server computing model



A web browser, for example, may be the client and an application running on a computer hosting a web site may be the server.
The client submits an HTTP request message to the server.
The server returns a response message to the client.
The response contains the requested message body and status information about the response.


2)  It is an Application Layer Protocol

To explain and understand data communication clearly, a common frame of reference was introduced. OSI (Open Systems Interconnect Reference Model) was the first reference model to describe data communication. It contains 7 layers, and each layer describes the function performed when data is transferred between two applications. The link below gives more of an understanding of the functionality of each layer.

After the OSI model, the TCP/IP model was introduced with an abstraction of layers. It consists of only 4 layers, and data communication is described in terms of these 4 layers. Out of these 4 layers, HTTP is an Application Layer protocol. The figure below shows the layered architecture description for data communication.


The protocols in the Application layer are responsible for process-to-process (application-to-application) communication. This layer is responsible only for standardizing the communication. To perform host-to-host communication, Application layer protocols depend on Transport Layer protocols like TCP.


3)  It is media independent

As mentioned earlier, any type of data can be sent over the HTTP protocol, such as plain text, hypertext, images, videos etc.


4)  It is a stateless protocol

This means that the HTTP protocol treats each request as an independent transaction that is not related to any of the previous requests. This makes the communication consist of unique request-response pairs.

This stateless design makes the server design simple, since there is no need of dynamically allocating



HTTP URLs (Uniform Resource Locator)

      • A URL is used to uniquely identify a resource over the web.
Syntax :
    protocol://hostname:port/path-and-file-name


http://xxx.myplace.com:80/cgi-bin/t.html


protocol (http, ftp, smtp, dns, news etc.)
host name (name.domain name)
port (usually 80 but many on 8080)
directory path to the resource
resource name




 How HTTP works......

  • Client wants to visit http://www.yahoo.com


  • A request is sent to the DNS server. It resolves the domain name and sends back the server IP



  • The IP address is used to make the connection to the web server



  • The requested web page is sent by the server after establishing the connection





 HTTP Request Message 

 











 HTTP Response Message

 









 HTTP Redirection


When a web page is visited at a certain URL, it changes to a different URL.

eg :

A person visits "website.com/page-a" in their browser, but is redirected to "website.com/page-b" instead.

  • A redirected URL would open up a page with another URL
  • The server specifies the redirection by returning a 3xx status code (set aside for redirects)

A Few Applications of HTTP Redirects


  • if the company is migrating to a new web site, all requests can be redirected from the old to the new website
  • when the domain name is misspelled by users, organisations register likely misspelled domains and redirect them to the correct location 
  • redirection is used by URL shortening services  



 Cookies

  • a method of maintaining state between HTTP requests
  • a small piece of data sent from a website and stored in the user’s web browser the first time the user visits that web site
  • Every other time the user visits the same web site, the browser sends the cookie back to the server to notify the website about the user’s previous activity
eg: Amazon
  - The more you use the site, the more Amazon understands what kind of products you search for and buy.
  - It makes recommendations of products you might like
  - This helps prevent extensive searching in such a big store







Web Caching

  • A technology that significantly enhances the web browsing experience
  • A web cache is the temporary storage place for web documents (HTML pages, images etc.) requested from the internet
  • After the original request, further requests for the same file are returned from the cache in the LAN
  • Advantages
                - users experience a fast download
                - bandwidth usage is extensively reduced and freed for other deliveries
                - content is available during network interruptions